Informa Disclosures UK&IRE

Redaction Management

Our Redaction Management Solutions allow users to Redact Manually or Automatically by using Insights to find any Personal Identifiable Information. Exemption codes and page numbers are recorded as you redact so scheduling your documents for release is immediate.

Features

• High Speed Manual Redaction
• Automatic Redaction via Insights
• Imbedded Acts for automatic exemption handling
• De-Duplication and Duplication Handling for Redaction
• Email conversation and thread filtering
• Automatic scheduling of redactions applied with their exemption codes
• Production Options black, white, outline and transparent

Benefits

• Superior automated redaction taking 70%+ off redaction time
• Insights for automatic identification and redaction of PII categories
• Built in scheduling mechanism to list your documents

£495 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tgilsenan@informadisclosures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

280790125292698

Contact

Tom Gilsenan
0203 368 8250
tgilsenan@informadisclosures.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our Reveal ZyLAB Review Management Platforms.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Modern browser (Chrome, Edge Chromium or Firefox Internet Browser recommended)
  • Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 working hours response time during business hours, 9-5.30, Mon-Fri. Platform support is available 24/7 via ticketing if required.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Phone and remote technical support during business hours. Project Management support hours included in packages (hours vary between packages, see rates). Technical account manager will be assigned. Additional project management support is available at £100 per hou
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and documentation will be provided. Informa will provide one to one training and advice to suit the customer's requirements. Online training course via Reveal ZyLAB are available. Customer User Guides and Videos can be made available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Online Reveal Zylab certification course with tutorial videos
  • Informa Webinars
• End-of-contract data extraction: Documents can be produced natively or as images by the user. Data can be produced from the system in multiple formats that will make them compatible with other systems: - CSV. - Summation. - Concordance/Opticon. - EDRM XML 1.2. - IPro.
• End-of-contract process: Data can be purged or produced as per customer requirements. If there are customisations or requirements outside a standard production there may be additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service is accessible via web browser. After logging in, the Review interface allows users to search, view, tag and redact documents. Advanced searching functionality is aided with GUI query builder. Users can access configuration settings if permissions are granted. Data can be produced according to requirements. When viewing a documents various panes display information such as email chain, document properties, redaction information, tagging, etc
• Accessibility standards: None or don’t know
• Description of accessibility: System meets the standards of WCAG 2.0 AA.
• Accessibility testing: Testing report from Reveal-Zylab available
• API: Yes
• What users can and can't do using the API: All functionality is available via API. Any projects requiring API usage will require engaging with Informa as the API is not fully documented and some customisations are required. Some examples of API usage: - Create matter. - Search documents. - Redact documents. - Upload documents. - Check review status. - Download Productions. - View uploads and status. - Document source identification. - Deduplication reporting. - Audit Log information. - Data Retention processes- automate deletion of data as required. - Reporting on redactions and exemption codes.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Custom Insights for Automatic Redaction can be created by users with training. ; Workflow and tagging can be customised. Permissions fully customisable. Customisations will be performed by administrators and client driven.

Scaling

• Independence of resources: Cloud servers will scale resources to meet demand. Dedicated servers are also available.

Analytics

• Service usage metrics: Yes
• Metrics types: Users, throughput per user, Processing statistics, production reporting, failed actions, Deduplication reporting, Insights/analytics reporting, Entity management reporting.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Reveal-ZyLAB

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Production module allows many custom methods of exporting. Features include native documents, convert to PDF images, PDF options, burn-in field data, redaction appearance, load files in various formats. The data that the user specifies is downloaded in a zip file via the browser.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Summation
  • Concordance
  • EDRM Xml 1.2
  • Documents can be converted to PDF
  • Native Documents
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • All well known document types are supported
  • Archives, eg: 7z, RAR, GZip, Tar, zip
  • Databases, eg: DBase, Access, Works DB, R:Base, Framework DB
  • Email, eg: .eml, .msg, .ost, .pst, .NSF, .MHT, .EMLX
  • Multimedia, eg: avi, mp3, mpg, asf, wma, Flash
  • Spreadsheet, eg: Excel various formats, Enable, Framework SS, IBM Lotus
  • Raster, eg various versions of: Photoshop, BMP, JPG, PNG, TIFF
  • Text Processors, eg: MSWord Lotus WordPro, LibreOffice, OfficeWriter
  • Forensic, eg: EWF-E01, 001, L01, EX01, LX01, AFF, AD

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Access to the server can be restricted to specified IP addresses (depending on shared or dedicated environment)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Informa/Reveal-Zylab aim to achieve minimum 99.5% service availability. The service is available 24 hours a day, 7 days a week, except for: (a) planned downtime (of which Informa shall use commercially reasonable efforts to give at least 8 hours’ notice and which Informa shall schedule to the extent reasonably practicable during the weekend hours from 12:01 A.M. Saturday to 11:59 P.M. Sunday CET); or (b) any unavailability caused by circumstances beyond Informa/ZyLAB's reasonable control. There is no recompense available in the event of not meeting expected service availability.
• Approach to resilience: ZyLAB’s SQL servers run in High Availability mode to allow redundancy. In the event of a disaster, a customer's environment can be restored to a previous state in time. Customer data is backed-up daily. Reveal-ZyLAB keeps daily backups for 8 days and weekly backups for 5 weeks. This scheme enables restoration of the latest healthy state. Reveal-ZyLAB is utilizing Azure & AWS Backup & Restore services with local redundancy. Backup and restore are tested periodically. All backups are stored in encrypted format.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: The user authenticates via AWS-Azure Active Directory, supplying username and password. 2-Factor authentication is required, the user selects if they want to receive SMS with one-time use code, or to receive a phone call.
• Access restrictions in management interfaces and support channels: There is an extensive list of permissions within the system that allow restrictions to be applied. Standard roles are available and customisable. Restrictions can be applied to functionality and subsets of documents.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Description of management access authentication: Management users authenticate via AWS or Azure Active Directory, supplying username and password. 2-Factor authentication is required, the user selects if they want to receive SMS with one-time use code, or to receive a phone call.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 20/10/2020
• What the ISO/IEC 27001 doesn’t cover: Outsourcing of software development is not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Some sections not applicable/in scope during assessment.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Type II, Cloud Security Alliance (CSA) STAR 1
• Information security policies and processes: We have a suite of policies in place formed around our ISO 27001 certification. We carry out regular internal audits to ensure the policies are being followed and we have a 3rd party external audit every 6 months.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are recorded via a Request For Change (RFC) in change management system Zendesk. Documentation of changes and logs from changes are recorded in the RFC. A standard change is low impact and pre-authorized by the organization. The initiator can record and implement the change following the documented procedure or work instruction. All non standard changes require approval by the CTO before implementation in production. For each change the risk to the business service should be assessed. Change approval is required for non-standard changes submitted.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are managed according to our ISO policies. We maintain a Risk register and manage risks on an ongoing basis through our system. Patches are tested and deployed as soon as available. Updated information on regular threats is attained from interaction with security forums and other online platforms.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The cloud platform used for SaaS is monitored by Microsoft’s security advisor. This way the configuration of the cloud environment is assessed against best practices. Findings are reviewed by CloudOps. Operational procedures are defined with continuous monitoring in mind. All ICT components are protected against malicious software (Virus, malware, etc.) which is centrally managed and controlled. Malware prevention software is configured to clean malicious software. If cleaning isn’t possible the content is stored in quarantine. Restoring infected files is disabled for regular users. Malware prevention software is configured to update on a regular basis with a maximum timeframe of daily.
• Incident management type: Supplier-defined controls
• Incident management approach: As part of our ISO 27001 system we have a documented Information Security Incident Management plan, including steps on detection, reporting internally, mitigation, reporting to data owners and authorities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  We offer 100% Staff the Cycle to Work scheme Over 50% of our Waste is Recycled We installed LED bulbs throughout our Warehouse and will replace with LED as others go. We support working from home and host online group meetings daily instead of in main office. We have replaced client site visits with on-line meetings saving 2-3 visits per client. We deliver sustainability training programmes to ensure staff are well informed and understand the scope of sustainability and how activities can help us towards our net zero target Informa are presently working to adopt an environmental management system to ISO14001 standard to provide the framework for monitoring, measuring and reporting across all environmental areas including emissions. ISO14064 will be used as the tool for verifying emission data to ensure robustness and assurance when publicly reporting progress towards net zero.

  Tackling economic inequality

  We pay the Living Wage or above to all your staff (100%) We contribute up to 10% of our net profits towards local sports clubs, charities and community events in dissadvantaged areas. 80% of our staff are from dissadvantaged areas. We use local businesses and SMEs whenever we can We provide ongoing access for transition year students, offering work experience and training.

  Wellbeing

  Our staff volunteer between 150 and 200 days per annum We promote and support staff flexible hours when taking a educational course and provide on-going training and upskilling internally. We organise talks for mental health and addiction awareness for younger generations.

Pricing

• Price: £495 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month, review and redaction. Limited data volumes for processing and limited users
• Link to free trial: Available on Request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tgilsenan@informadisclosures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.